SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
UPDATE YOUR
EMAIL SECURITY
"IUEU"

Security

XSS vulnerability in Content-Type display in read_body

Date:
2004-05-30
Description:
By sending a specially crafted email an attacker could insert HTML code
in the attachment area of read_body.php. The Content-Type header was not
encoded before it was sent to the browser.
Affected Versions:
<= 1.4.3-RC1
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
n/a
Patch:
view patch
Credits:
Discovered by Roman Medina.
This page last updated:
2007-07-03 13:00:45
© 1999-2010 by The SquirrelMail Project Team